CCE-95468-5Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
sudo allows a permitted user to execute a command as the superuser or another user, as
specified by the security policy. The invoking user's real (not effective) user ID is used to
determine the user name with which to query the security policy.
Rationale:
sudo supports a plugin architecture for security policies and input/output logging. Third
parties can develop and distribute their own policy and I/O logging plugins to work
seamlessly with the sudo front end. The default security policy is sudoers, which is
configured via the file /etc/sudoers.
The security policy determines what privileges, if any, a user has to run sudo. The policy
may require that users authenticate themselves with a password or another authentication
mechanism. If authentication is required, sudo will exit if the users password is not
entered within a configurable time limit. This limit is policy-specific.
Audit:
Verify that sudo in installed.
Run the following command:
# rpm -q sudo
sudo-
Remediation:
Run the following command to install sudo
# dnf install sudo
Parameter:
[yes/No]
Technical Mechanism:
Run the following command to install sudo
# dnf install sudo
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.8 | Attack Vector: LOCAL |
Exploit Score: 2.0 | Attack Complexity: LOW |
Impact Score: 6.0 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72914 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73019 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72808 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68619 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72378 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84252 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72012 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72705 |